Session Initiation Protocol (SIP) is a signaling protocol to set up and tear down a Voice Over Internet Protocol (VoIP) call. SIP messages do not actually carry voice packets. Instead, they contain control signals that create, modify, and terminate calls or sessions between one or more participants. A separate channel or path using the Real-time Transport Protocol (RTP) typically transports the voice packets. As VoIP deployments are increasingly popular, a need exists for secure VoIP calls that encrypt both the signaling message and the voice packets. VoIP devices use Transport Level Security (TLS) or Internet Protocol Security (IPSec) to secure signaling channels.
Internet Protocol (IP) phones typically include a display that indicates a call is secure. For example, a shield icon in Cisco IP telephones may indicate that a call is encrypted and, hence, secure. This shield icon, however, only indicates that the call or the media flowing to/from the local IP telephone is encrypted and does not necessarily indicate that the call is truly secure from an end-to-end perspective. For example, an IP phone may initiate a VoIP call that traverses securely through an IP-to-IP gateway. The voice call leaves the IP-to-IP gateway and arrives at an unsecured Public Switched Telephone Network (PSTN), where the voice call is decrypted before reaching the destination IP phone. The destination IP phone, however, may still flag the voice call as secure since the voice call traversed a secure last leg from the IP-to-IP gateway, after the PSTN, to the destination IP phone. For another example, a phone system may re-route a PSTN call through a VoIP network and vice versa. When this occurs, the VoIP call traverses the PSTN unencrypted, and thus not secure end-to-end. As with the former example, the destination IP phone may still flag the call as secure and perhaps display the shield icon because the last leg of the call is secure, even though the call is not secure from end-to-end.